Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat LevelHigh threat
DistributionModerately widespread
Common name:Sasser.A
Technical name:W32/Sasser.A.worm
Threat level:High

It restarts the computer. It spreads by exploiting the LSASS vulnerability.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:May 1, 2004
Detection updated on:March 6, 2006
Proactive protection:
Yes, using TruPrevent Technologies
Repair utility:Panda QuickRemover

Brief Description 


Sasser.A is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.

Sasser.A restarts the computer automatically when it attempts to exploit the already mentioned vulnerability.

Sasser.A only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.

If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.

Visible Symptoms 


Sasser.A is easy to recognize, as it restarts Windows XP/2000 computers when it attempts to affect this computer by exploiting the LSASS vulnerability. When this action is carried out, Sasser.A displays the following message on screen: